package com.xhh.fs.controller;

import com.xhh.fs.pojo.User;
import com.xhh.fs.result.Result;
import com.xhh.fs.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;

import javax.servlet.http.HttpSession;

@Controller
public class LoginController {
    @Autowired
    UserService userService;

    @CrossOrigin//解决跨域
    @PostMapping(value = "api/login")
    @ResponseBody
    public Result login(@RequestBody User user, HttpSession session){//接受前端参数
        String username = user.getUsername();
        username = HtmlUtils.htmlEscape(username);//转义，分防止CSS攻击
        User requsetUser = userService.getByNAP(username, user.getPassword());
        if (requsetUser == null){
            return new Result(400);
        }else
        {
            session.setAttribute("user",user);//保存用户信息
            return new Result(200);
        }
    }
}
